This is a simple but brilliantly executed heist. Pretend to be the sender by sending from a similar looking domain.
One of the domains was a look-alike of the Chinese investment company’s domain; the other was a spoof of the Israeli firm’s domain. In both instances, the threat actors simply added an “s” to the end of the original domain name.
The next phase of the scam involved the attackers sending two emails with the same subject header as the original email thread about the planned seed funding.
Money meant to fund an Israeli startup wound up directly deposited to the scammers.